Jiří Červenka
2006-Dec-06 12:25 UTC
[Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Hello, I?m trying to use winbind to allow my AD users to logon to our linux computers. I?m using FC6 and Samba 3.0.23c-2. I have several problems: 1. When I start linux machine and immediately ofter logging in I try to check trust secret by running wbinfo -t I receive this error: checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) could not check secret When I try to run wbinfo -t after a short while it returns: checking the trust secret via RPC calls succeeded. Is this normal behaviour? 2.Winbind do not maintain mappings between UIDs, GIDs and SIDs Winbindd and smbd are running, but when I run getent passwd I receive list of linux local users. And I?m not able to login to my linux machine until I manually add information about user in \etc\paswd. But this is unacceptable for me because I have 600+ users in my domain. Is there way how to make winbind to automaticaly update user mappings? 3. When I manually add informations about user into passwd I?m able to login but after inserting username I have to insert my password twice. Where can be the problem? My configuration files: My smb.conf: [global] workgroup = MYDOMAIN.COM server string = Samba Server security = domain winbind separator = \ idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%U template shell = /bin/bash winbind use default domain = true winbind cache time = 10 encrypt passwords = yes winbind trusted domains only = yes obey pam restrictions = yes password server = server.mydomain.com [homes] comment = Home Directories browseable = no writable = yes My nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind rpc: files services: files winbind netgroup: files winbind publickey: nisplus automount: files winbind aliases: files nisplus My pam.d configuration: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_winbind.so auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account sufficient pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 Thanks for any help. Jiri
Franz Strebel
2006-Dec-06 12:58 UTC
[Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Do you have libnss_winbind.so in /lib? There should also be a symbolic link to it in the same directory called libnss_winbind.so.2
Jiří Červenka
2006-Dec-06 13:18 UTC
[Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Yes: /usr/lib/libnss_winbind.so /lib/libnss_winbind.so.2 Franz Strebel napsal(a):> Do you have libnss_winbind.so in /lib? There should also be a symbolic > link to it in the same directory called libnss_winbind.so.2 >
OgeeN
2006-Dec-07 09:57 UTC
[Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Hello, I?m trying to use winbind to allow my AD users to logon to our linux computers. I?m using FC6 and Samba 3.0.23c-2. I have several problems: 1. When I start linux machine and immediately ofter logging in I try to check trust secret by running wbinfo -t I receive this error: checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) could not check secret When I try to run wbinfo -t after a short while it returns: checking the trust secret via RPC calls succeeded. Is this normal behaviour? 2.Winbind do not maintain mappings between UIDs, GIDs and SIDs Winbindd and smbd are running, but when I run getent passwd I receive list of linux local users. And I?m not able to login to my linux machine until I manually add information about user in \etc\paswd. But this is unacceptable for me because I have 600+ users in my domain. Is there way how to make winbind to automaticaly update user mappings? 3. When I manually add informations about user into passwd I?m able to login but after inserting username I have to insert my password twice. Where can be the problem? My configuration files: My smb.conf: [global] workgroup = MYDOMAIN.COM server string = Samba Server security = domain winbind separator = \ idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%U template shell = /bin/bash winbind use default domain = true winbind cache time = 10 encrypt passwords = yes winbind trusted domains only = yes obey pam restrictions = yes password server = server.mydomain.com [homes] comment = Home Directories browseable = no writable = yes My nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind rpc: files services: files winbind netgroup: files winbind publickey: nisplus automount: files winbind aliases: files nisplus My pam.d configuration: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_winbind.so auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account sufficient pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 Thanks for any help. Jiri -- View this message in context: nabble.com/Winbind-do-not-maintains-mappings-between-UIDs, GIDs-and-SIDs-tf2773361.html#a7736155 Sent from the Samba - General mailing list archive at Nabble.com.